From e1f33a6bf73050ceed5081b0f774d91501dee133 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Thu, 23 Jun 2022 17:57:55 -0700
Subject: fix(modules/sourcegraph): configure nginx to bind to tailscale IP

Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server. Note: the IP for tailscale is hard coded, there has to be a better way.

Change-Id: I684f2da60a128652fac2f7004bec22ce4bf959d0
Reviewed-on: https://cl.fcuny.net/c/world/+/486
Tested-by: CI
Reviewed-by: Franck Cuny
---
 modules/services/sourcegraph/default.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'modules')

diff --git a/modules/services/sourcegraph/default.nix b/modules/services/sourcegraph/default.nix
index 92653c1..0845c55 100644
--- a/modules/services/sourcegraph/default.nix
+++ b/modules/services/sourcegraph/default.nix
@@ -32,6 +32,18 @@ in
 services.nginx.virtualHosts."${cfg.vhostName}" = {
 forceSSL = true;
 useACMEHost = cfg.vhostName;
+ listen = [
+ {
+ addr = "100.85.232.66";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "100.85.232.66";
+ port = 80;
+ ssl = false;
+ }
+ ];
 locations."/" = { proxyPass = "http://127.0.0.1:7080"; };
 };

-- 
cgit 1.4.1
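Review bot: The added `listen` entries restrict which local address nginx accepts connections on, not where a request came from, so on their own they do not guarantee that only tailnet peers are served. Whether traffic addressed to `100.85.232.66` can arrive on another interface depends on host routing and firewall settings that sit outside this hunk. Consider adding a source check inside the vhost, e.g. `extraConfig = "allow 100.64.0.0/10; deny all;";`, or opening 80/443 only on the Tailscale interface with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 80 443 ];` (interface name assumed to be the default). Separately, nginx will likely fail to start if that address is not yet assigned when its unit starts, so ordering it after `tailscaled.service` may be needed.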